• Avantia Threat Update


This Past Week;

Phone attack converts smart vacuums into microphones; Work from anywhere: is 2021 the future of work - aUSA perspective; IoT Security is a mess - these guidelines could help fix that; This critical software flaw is now being used to break into networks - so update fast; Hackers scale ‘The North Face’; Ransomware rocks eCommerce; An in-depth look at the importance of cyber resilience; How remote work increases ransomware danger, and major breaches in UNITED STATES; CANADA; UNITED KINGDOM; CHILE; ITALY; AUSTRALIA; GERMANY; INDIA; SINGAPORE; MALAYSIA.

Dark Web ID’s Top Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 501+



A team of academics has detailed this week novel research that converted a smart vacuum cleaner into a microphone capable of recording nearby conversations. Named LidarPhone, the technique works by taking the vacuum's built-in LIDAR laser-based navigational component and converting it into a laser microphone. Laser microphones are well-known surveillance tools that were used during the Cold War to record conversations from afar. Intelligence agents pointed lasers at far-away windows to monitor how glass vibrated and decoded the vibrations to decipher conversations taking place inside rooms. Academics from the University of Maryland and the National University of Singapore took this same simple concept but applied it to a Xiaomi Roborock vacuum cleaning robot. Certain conditions need to be met: A LidarPhone attack is not straightforward, and certain conditions need to be met. For starters, an attacker would need to use malware or a tainted update process to modify the vacuum's firmware in order to take control of the LiDAR component. This is needed because vacuum LiDARs work by rotating at all times, a process that reduces the number of data points an attacker can collect. Through tainted firmware, attackers would need to stop the vacuum LiDAR from rotating and instead have it focus on one nearby object at a time, from where it could record how its surface vibrates to sound waves.How BHP overcame site lockdowns with mixed reality and online expertise. With traditional FIFO not possible, BHP found an answer in just four weeks, creating a new RIRO ‘remote-in, remote-out’ paradigm to get experts into the field with smart tech. In addition, because smart vacuum LiDAR components are nowhere near as accurate as surveillance-grade laser microphones, the researchers also said the collected laser readings would need to be uploaded to the attacker's remote server for further processing in order to boost the signal and get the sound quality to a state where it can be understood by a human observer. Nonetheless, despite all these conditions, researchers said they were successful in recording and obtaining audio data from the test Xiaomi robot's LiDAR navigational component. They tested the LidarPhone attack with various objects, by varying the distance between the robot and the object, and the distance between the sound origin and the object. Tests focused on recovering numerical values, which the research team said they managed to recover with a 90% accuracy. But academics said the technique could also be used to identify speakers based on gender or even determine their political orientation from the music played during news shows, captured by the vacuum's LiDAR.

NO NEED TO PANIC YET. JUST ACADEMIC RESEARCH. But while the LidarPhone attack sounds like a gross invasion of privacy, users need not panic for the time being. This type of attack revolves around many prerequisites that most attacks won't bother. There are far easier ways of spying on users than overwriting a vacuum's firmware to control its laser navigation system, such as tricking the user on installing malware on their phone. The LidarPhone attack is merely novel academic research that can be used to bolster the security and design of future smart vacuum robots. In fact, the research team's main recommended countermeasure for smart vacuum cleaning robot makers is to shut down the LiDAR component if it's not rotating. Additional details about the research are available in a research paper titled "Spying with Your Robot Vacuum Cleaner: Eavesdropping via Lidar Sensors." The paper is available for viewing in a PDF format and was presented at the ACM Conference on Embedded Networked Sensor Systems (SenSys 2020), on November 18, 2020.


It's perpetually surreal to be living through what will inevitably be a historical pivot point. Our short-term adjustments are giving way to long term changes, and it's astounding how apparent that is. Nevertheless, the substance of the changes to work and culture, the ones that will survive, remain elusive, a betting person's game. Fortunately, some executives are willing to wade into the murky waters of prediction. One of them is Audrey Khusid, founder and CEO of. As head of the digital white boarding platform, which has doubled its user base from 3.7M to 9M since March and is now used by 95% of Fortune 100 companies, Khusid has a front row seat to the evolution of the changing workplace. Based on his observations from 2020, he predicts that work from home will become work from anywhere (WFX), and there will be a massive digital transformation as a result. What else will change? I caught up with Khusid to discuss the future. Here are his six most poignant predictions for 2021, with thanks for the insights. Mastering remote work is all about finding the right tools to stay productive and connected. This guide will have you and your team synchronized and working in harmony, wherever you happen to be. More and more companies are announcing that remote work will be permanent, even when travel restrictions and social distancing will not be. The result: As travel opportunities begin to reopen, millions of employees will turn their new-found remote status into the chance to work from anywhere, relocating outside of urban centers, making up for lost time with family, or participating in remote years and other "workation" opportunities. And because companies have spent the last year investing in technology that enables virtual collaboration -- for many of these employees the transition will be seamless and unnoticed by employers. The US heartland will see an "undraining" of brains. The phenomenon of highly skilled college graduates leaving their hometowns in middle America and relocating to economic centers like Silicon Valley, New York, and Austin is commonly known as "Brain Drain," -- and remote work may finally bring it to an end. Instead of fleeing the heartland en masse for new opportunities, remote work will allow these workers to stay settled in regional hubs like Madison, Grand Rapids, Asheville, Boulder, Nashville, and Raleigh. This regionalization of talent will have a massive impact on American culture, affecting everything from real-estate markets to electoral politics -- while still giving companies from around the country access to top talent. Digital transformation has pushed enterprises to look deeply into their data centre. strategyPoint to Accelerators coming out of places like Buffalo, South Bend, and Charlotte. Hybrid work will present new challenges to unequipped teams. Thousands of enterprises will gradually begin phasing teams back into the office by adopting hybrid strategies that combine remote and in-office work. While hybrid work is a good compromise to protect employees with health concerns, the risk becomes introducing "worst of both worlds" work habits into company collaboration. To mitigate these effects, enterprises can embrace a culture of asynchronous sharing to replace many of the status and other routine meetings that fill up employee calendars. For brainstorms and real-time meetings, companies must make meetings interactive so that virtual attendees can participate with just as little friction as in-person ones, and craft collaborative practices that are inclusive to remote workers, like holding meetings entirely virtually even if some members are in the office. Engagement is the new productivity. Since the start of the SaaS (Software As A Service) era, billions of dollars have been invested into technology solutions that offered improvements to productivity in the enterprises. Many of the startups built by offering these solutions are now publicly traded companies like Slack and Asana, and even more solutions in the space have come from giants like Google and Microsoft. Looking forward, CIO priorities and budgets will shift away from making employees more productive and into making them more engaged. Engagement is different from productivity. Engagement refers to the passion employees have for their jobs and the connection they feel to their teams. In an era of remote and hybrid work, high levels of engagement will be a competitive advantage in developing products, attracting talent, and building customer loyalty in a crowded landscape. In the new world of work from anywhere (WFX), employees must amplify their engagement to find advancement opportunities. One of the drawbacks of remote work is that it's more difficult to draw attention to what you're working on day-to-day. In an office setting your attitude, body language, and relationships help drive the way you're perceived, opening doors for those with genuine enthusiasm and passion for their workplace. But in a remote setting where employees collaborate predominantly with text, such enthusiasm is harder for employees to convey and for employers to identify. In 2021 it will be important that employees put extra effort into amplifying their engagement virtually to make sure they get new opportunities. They must participate in virtual events, be active in group messaging, and keep their enthusiasm high during zoom calls to stand out as leaders while working from home. Young careers may suffer from lack of organic mentorship opportunities. Particularly early in their careers, young workers depend on a combination of observing experienced colleagues and formal, hands-on mentorship to improve the job skills that allow them to grow. In a remote work environment, organic opportunities for this kind of learning are fewer and further between. In an office, you can hear colleagues think out loud, hop in informal huddles to share the reasoning behind decisions, and observe professional behavior in-person to learn the ropes. In a work from anywhere (WFX) world, this is not possible. To help develop a new generation of talent, companies will need to be proactive and deliberate in 2021 in building mentorship programs, and managers must give time and love to new employees to make sure they are learning the ropes and ultimately mastering their jobs to take on new challenges. Those who fail to do so risk losing rising talent.


The supply chain around the Internet of Things (IoT) has become the weak link in cybersecurity, potentially leaving organisations open to cyber attacks via vulnerabilities they're not aware of. But a newly released set of guidelines aims to ensure that security forms part of the entire lifespan of IoT product development. The Guidelines for Securing the IoT – Secure Supply Chain for IoT report from the European Union Agency for Cybersecurity (ENISA) sets out recommendations throughout the entire IoT supply chain to help keep organisations protected from vulnerabilities which can arise when building connected things. One of the key recommendations is that cybersecurity expertise should be further integrated into all layers of organisations, including engineering, management, marketing and others so anyone involved in any part of the supply chain has the ability to identify potential risks – hopefully spotting and addressing them at an early stage of the product development cycle and preventing them from becoming a major issue. It's also recommended that 'Security by Design' is adopted at every stage of the IoT development process, focusing on careful planning and risk management to ensure that any potential security issues with devices are caught early. "Early decisions made during the design phase usually have impactful implications on later stages, especially during maintenance," said the report. Another recommendation that organisations throughout the product development and deployment cycle should forge better relationships in order to address security loopholes which may arise when there's no communication between those involved. These include errors in design due to lack of visibility in the supply chain of components – something which can happen when there's misunderstandings or lack of coordination between parts manufacturers and the IoT vendor. However, not all responsibility should rely with IoT manufacturers, the paper also recommends that customers and end-user organisations need to play a role in supply chain implementation and can "benefit greatly from dedicating resources to studying the current landscape and adapting the existing best practices to their particular case". "Securing the supply chain of ICT products and services should be a prerequisite for their further adoption particularly for critical infrastructure and services. Only then can we reap the benefits associated with their widespread deployment, as it happens with IoT," said Juhan Lepassaar, executive director or ENISA.


State-backed hackers and criminal gangs are now actively using a vulnerability in mobile device management (MDM) software to successfully gain access to networks across government, healthcare and other industries. The UK's National Cyber Security Centre (NCSC) has issued an alert warning that a number of groups are currently using a vulnerability in MDM software from MobileIron. MDM systems allow system administrators to manage an organisation's mobile devices from a central server, making them a valuable target for criminals or spies to break into. In June 2020, MobileIron released security updates to address several vulnerabilities in its products. This included CVE-2020-15505, a remote code execution vulnerability. This critical-rated vulnerability affects MobileIron Core and Connector products, and could allow a remote attacker to execute arbitrary code on a system. The NCSC is aware that nation-state groups and cyber criminals "are now actively attempting to exploit this vulnerability to compromise the networks of UK organisations". While the UK report doesn't provide any information as to the identity of these groups, this vulnerability has already become popular with Chinese state-backed hackers.How online insurer Youi keeps its award-winning culture thriving while working remotely. With many staff now at home, Youi accelerated their technology roadmap to keep their people informed and engaged in new ways, all while keeping the business on target. While MobileIron made security updates available for all impacted versions on 15 June 2020, not every organisation has yet updated their software. "In some cases, when the latest updates are not installed, they have successfully compromised systems. The healthcare, local government, logistics and legal sectors have all been targeted but others could also be affected," NCSC said. A proof-of-concept version of the exploit became available in September 2020, and since then both hostile state actors and cyber criminals have attempted to exploit this vulnerability in the UK and elsewhere. These attackers typically scan victims' networks to identify vulnerabilities, including CVE-2020-15505, to be used during targeting, NCSC said. It noted that sophisticated hackers are using this vulnerability in combination with the Netlogon/Zerologon vulnerability CVE-2020-1472 in a single intrusion attempt. NCSC notes that it's also important for organisations using affected versions to ensure they are following other best-practice cybersecurity advice, such as scanning their own networks and undertaking continual audits. This will help identify suspicious activity in the event that this vulnerability has already been exploited. "In the case of this MobileIron vulnerability, the most important aspect is to install the latest updates as soon as practicable," NCSC said.


A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions such as:

CEO - chief executive officer; COO - chief operating officer; CFO - chief financial officer or chief financial controller

CMO - chief marketing officer; CTOs - chief technology officer; President; Vice president; Executive Assistant; Finance Manager; Accountant; Director; Finance Director; Financial Controller; Accounts Payables.

Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user's role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain. The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker. The seller refused to share how he obtained the login credentials but said he had hundreds more to sell. According to data provided by threat intelligence firm KELA, the same threat actor had previously expressed interest in buying "Azor logs," a term that refers to data collected from computers infected with the AzorUlt info-stealer trojan. Infostealer logs almost always contain usernames and passwords that the trojan extracts from browsers found installed on infected hosts. This data is often collected by the infostealer operators, who filter and organize it, and then put it on sale on dedicated markets like Genesis, on hacking forums, or they sell it to other cybercrime gangs. "Compromised corporate email credentials can be valuable for cybercriminals, as they can be monetized in many different ways," KELA Product Manager Raveed Laeb told ZDNet. "Attackers can use them for internal communications as part of a 'CEO scam' - where criminals manipulate employees into wiring them large sums of money; they can be used in order to access sensitive information as part of an extortion scheme; or, these credentials can also be exploited in order to gain access to other internal systems that require email-based 2FA, in order to move laterally in the organization and conduct a network intrusion," Laeb added. But, most likely, the compromised emails will be bought and abused for CEO scams, also known as BEC (Business Enterprise Compromise) scams. According to an FBI report this year, BEC scams were, by far, the most popular form of cybercrime in 2019, having accounted for half of the cybercrime losses reported last year. The easiest way of preventing hackers from monetizing any type of stolen credentials is to use a two-step verification (2SV) or two-factor authentication (2FA) solution for your online accounts. Even if hackers manage to steal login details, they will be useless without the proper 2SV/2FA additional verifier.


THREAT FOCUS: Delaware Division of Public Health - UNITED STATES

Exploit: Accidental Data Sharing

Delaware Division of Public Health: State Health Agency

Risk to Business: 2.311 = Severe - The Delaware Division of Public Health announced that in mid-September, a temp sent two emails containing COVID-19 test results for approximately 10,000 individuals to the wrong party. The August 13, 2020, email included test results for individuals tested between July 16, 2020, and August 10, 2020. The August 20, 2020, email included test results for individuals tested on August 15, 2020. Investigators have determined that these emails were sent by mistake, as the information was supposed to be sent to a member of the call center staff to assist individuals in obtaining their test results.

Individual Risk: 2.824 = Moderate - The information mistakenly released in this foul-up included the date of the test, test location, patient name, patient date of birth, phone number if provided, and test result. Customers Impacted: 10,000

How it Could Affect Your Business: Human error remains the number one cause of a data breach. Security awareness training is the most effective way to prevent unfortunate employee errors. Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. Call Avantia on +61 7 30109711 to find out more.


Exploit: Unsecured Database

Vertafore Inc.: Insurance Company

Risk to Business: 1.702 = Severe - Information about 27.7 million Texas drivers has been exposed online and stolen from an unsecured database belonging to insurance company Vertafore Inc. after someone put three major company files on an unsecured storage server.

Individual Risk: 2.662 = Moderate - The company says that no identification misuse has been determined, but they’re also offering free credit monitoring and identity restoration services to all Texas driver’s license holders potentially affected by the data breach.

Customers Impacted: $27.7 million

How it Could Affect Your Business: Bad data handling is a symptom of poor cybersecurity hygiene, and it can easily lead to bigger problems like ransomware and password compromise.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. Call Avantia on +61 7 30109711 to find out more.


Exploit: Third Party Software

X-Cart: eCommerce Platform Creator

Risk to Business: 2.003 = Severe - X-cart discovered the danger of vetting errors when attackers exploited a vulnerability in a third-party software tool to gain access to X-Cart’s store hosting systems. Some stores went down completely, while others reported issues with sending email alerts. The incident is under investigation and service has been restored for clients.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks can come from unexpected quarters, like a vulnerability in third-party software that you rely on.

Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: Passly adds essential protection to your systems and data through secure identity and access management to place a strong shield between your business and cybercrime. Call Avantia on 07 30109711 today

THREAT FOCUS: Wildworks (Animal Jam) - UNITED STATES

Exploit: Third Party Data Breach

Wildworks: Video Game Developer

Risk to Business: 1.664 = Severe - Wildworks, the developer of the online kid’s playground Animal Jam, announced a data breach involving a third-party vendor that exposed the information of millions of children on the Dark Web. The information appeared on the Dark Web as the booty of cybercrime gang ShinyHunters. Individual Risk: 1.902 = Severe - Exposed information includes 46 million player usernames, which are human moderated to make sure they do not contain a child’s proper name, 46 million SHA1 hashed passwords and approximately 7 million email addresses of parents whose children registered for Animal Jam. Customers Impacted: 46 million

How it Could Affect Your Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible. Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Avantia Cyber Security & ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. Call Avantia on +61 7 30109711 to find out more.


Exploit: Hacking

Pluto TV: Online Television Service

Risk to Business: 2.166 = Severe - Hackers from the cybercrime gang ShinyHunters have announced the acquisition of 3.2 million Pluto TV user records that were purportedly stolen during a data breach. The data appears to be somewhat out of date, and Pluto TV has not confirmed the breach. Individual Risk: 2.611 = Moderate - Exposed information includes a member’s display name, email address, bcrypt hashed password, birthday, device platform, and IP address. The data is estimated to be about two years old.